8878ad1b9f3ec2fe1c2a184caf944da5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8878ad1b9f3ec2fe1c2a184caf944da5_JaffaCakes118
Size

1.3MB
MD5

8878ad1b9f3ec2fe1c2a184caf944da5
SHA1

a084f8db14fa9e0b2b1f45426745df92557c206b
SHA256

fe888b94babc52e7d4790f9bdfea9f341e94ec1ea1685119d7fcf94cd154c5ad
SHA512

47567a3d81ec544d7a31da9226b0663aa9a7ef7b34f5eb0f5a120683f7e74392ede6947918f6f880c4761339d16542c980d7db30fc40ed5d4d035ab6225ad5f3
SSDEEP

24576:+laBRHq3bwr/BEwdtLl3pYGLBsz3GOVZ95hUBk/fjibDYRAjukk5murdf8bk1ae0:Gay3CDYGLBO3GW5hCk/fjibDg5muYnv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8878ad1b9f3ec2fe1c2a184caf944da5_JaffaCakes118

Files

8878ad1b9f3ec2fe1c2a184caf944da5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

39b3ed2edf785749c00b03b86ff7f476

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\matlab\bin\win32\instutil.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
GetUserNameA
RegEnumKeyExA

comctl32

ord17

comdlg32

GetOpenFileNameA

netapi32

Netbios

ws2_32

ioctlsocket
send
recv
closesocket
getprotobyname
htons
socket
connect
select
__WSAFDIsSet
getsockname
WSAStartup
WSAGetLastError
WSACleanup
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
gethostname
htonl
ntohl
getsockopt
setsockopt
ntohs

kernel32

ReleaseSemaphore
OpenSemaphoreA
CreateSemaphoreA
SearchPathA
GetFileSize
LocalAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetLocalTime
SystemTimeToFileTime
GetSystemTime
GetModuleFileNameA
GetCurrentProcessId
SetLastError
DeviceIoControl
WriteFile
ReadFile
CreateFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
FindClose
lstrlenW
LocalFree
GetVersionExA
GetProcAddress
LoadLibraryA
FreeLibrary
GetTickCount
Sleep
CloseHandle
WaitForSingleObject
ResetEvent
CreateEventA
SetEvent
GetWindowsDirectoryA
GetVersion
SetErrorMode
SetHandleInformation
GetVolumeInformationA
GetDriveTypeA
GetCurrentProcess
VirtualAlloc
VirtualFree
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
GetEnvironmentVariableA
GetEnvironmentVariableW
ReleaseMutex
GetLastError
CreateMutexA
GetProcessTimes
GetModuleHandleA
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA

user32

wsprintfA
GetClientRect
ScreenToClient
MoveWindow
ShowWindow
SetWindowTextA
SetFocus
GetFocus
GetParent
EndDialog
CreateDialogIndirectParamA
GetDlgItemTextW
SetDlgItemTextA
MessageBeep
GetWindowLongA
SendMessageA
GetDlgItem
GetWindowRect
EnableWindow
GetSystemMetrics
GetActiveWindow
MessageBoxA
SystemParametersInfoW
DialogBoxIndirectParamA
GetDlgItemTextA

shell32

SHGetFolderPathW

shlwapi

SHDeleteKeyW

msvcr80

_except_handler4_common
_onexit
_lock
__dllonexit
_strdup
_getpid
_getcwd
_stricmp
_open
_access
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
_wstat32
_mktime32
_findfirst32
_findnext32
_stat32
_localtime32
_time32
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
ftell
fread
memmove
_exit
toupper
_unlink
getchar
_popen
perror
exit
atoi
_stat64i32
sprintf
memset
_chmod
__CxxFrameHandler3
free
calloc
memcpy
strlen
_time64
fclose
fflush
_iob
_setjmp3
fprintf
malloc
_sys_errlist
_sys_nerr
strncpy
strcpy
strstr
strcmp
sscanf
strchr
strncmp
_errno
abs
longjmp
realloc
atol
vsprintf
_putenv
_endthread
_beginthread
getenv
clearerr
fseek
strcat
ungetc
fgets
fgetc
strtol
strrchr
__p__environ
rand
srand
tolower
memcmp
qsort
_findclose
fopen
_wfopen
freopen
_wfreopen
_wopen
_close
rename
_wrename
_waccess
remove
_wremove
_wunlink
strncat
_pctype
_isctype
__mb_cur_max

msvcp80

??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

Exports

Exports

?instutil_build_date@@3PBDB
?instutil_version@@3PBDB
_Java_com_mathworks_instutil_FilePermissionsUtil_addACEToFilesDACL@24
_Java_com_mathworks_instutil_FilePermissionsUtil_changeFileAttribute@16
_Java_com_mathworks_instutil_FilePermissionsUtil_verifyACEToFilesDACL@24
_Java_com_mathworks_instutil_MachineInfo_GetUserName@8
_Java_com_mathworks_instutil_MachineInfo_createRegKey@16
_Java_com_mathworks_instutil_MachineInfo_deleteRegKey@16
_Java_com_mathworks_instutil_MachineInfo_getHostId@28
_Java_com_mathworks_instutil_MachineInfo_getRegKeyValue@20
_Java_com_mathworks_instutil_MachineInfo_isHighContrast@8
_Java_com_mathworks_instutil_MachineInfo_setRegKeyValue@24
_Java_com_mathworks_instutil_licensefiles_LicenseUtil_nativeGetUserLicensePath@8

Sections

.text
Size: 528KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 564KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

39b3ed2edf785749c00b03b86ff7f476

Headers

File Characteristics

PDB Paths

Imports

advapi32

comctl32

comdlg32

netapi32

ws2_32

kernel32

user32

shell32

shlwapi

msvcr80

msvcp80

Exports

Exports

Sections

.text Size: 528KB - Virtual size: 525KB

.textidx Size: 564KB - Virtual size: 560KB

CONST Size: 4KB - Virtual size: 80B

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 104KB - Virtual size: 404KB

.rsrc Size: 4KB - Virtual size: 428B

.reloc Size: 52KB - Virtual size: 48KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 528KB - Virtual size: 525KB

.textidx
Size: 564KB - Virtual size: 560KB

CONST
Size: 4KB - Virtual size: 80B

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 104KB - Virtual size: 404KB

.rsrc
Size: 4KB - Virtual size: 428B

.reloc
Size: 52KB - Virtual size: 48KB

.rsrc
Size: 40KB - Virtual size: 40KB